Create a secret key used for signing authentication tokens. This file should contain
random data and be placed on every host in the cluster. It should be owned by the
hdfs user and the hadoop group, with permissions set to 440. For
example:

dd if=/dev/urandom of=/etc/security/http_secret bs=1024 count=1

chown hdfs:hadoop /etc/security/http_secret

chmod 440 /etc/security/http_secret

In Ambari Web, browse to Services > HDFS > Configs.

Add or modify the following configuration properties in Advanced core-site.

Property                                                New Value
------------------------------------------------------  ----------------------------------------------------------
hadoop.http.authentication.simple.anonymous.allowed     false
hadoop.http.authentication.signature.secret.file        /etc/security/http_secret
hadoop.http.authentication.type                         kerberos
hadoop.http.authentication.kerberos.keytab              /etc/security/keytabs/spnego.service.keytab
hadoop.http.authentication.kerberos.principal           HTTP/_HOST@EXAMPLE.COM
hadoop.http.filter.initializers                         org.apache.hadoop.security.AuthenticationFilterInitializer
hadoop.http.authentication.cookie.domain                hortonworks.local

Important

The entries listed in the above table in bold and italicized are site-specific.
The hadoop.http.authentication.cookie.domain property is based on the fully
qualified domain names of the servers in the cluster. For example, if the FQDN
of your NameNode is host1.hortonworks.local, then
hadoop.http.authentication.cookie.domain should be set to hortonworks.local.
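
The following script is an added example, not part of the original documentation. It audits the secret file against the ownership and mode given above, produces a digest for confirming that every host carries the same file, and derives the cookie domain from a host FQDN. The function names are illustrative and GNU coreutils (stat, sha256sum) is assumed.

```shell
#!/bin/sh
# Added example: audit the HTTP signing secret and derive the cookie domain.
# Assumes GNU coreutils (stat -c, sha256sum); function names are illustrative.

# check_secret_file PATH OWNER GROUP
# Prints each deviation from the documented settings; returns non-zero if any.
check_secret_file() {
    path=$1 want_owner=$2 want_group=$3 rc=0
    if [ ! -f "$path" ]; then
        echo "missing: $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    size=$(stat -c '%s' "$path")
    # Anything looser than 440 lets other local users read the signing key.
    [ "$mode" = "440" ] || { echo "mode is $mode, expected 440"; rc=1; }
    [ "$owner" = "$want_owner" ] || { echo "owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "group is $group, expected $want_group"; rc=1; }
    # An empty file means the dd step never wrote the random data.
    [ "$size" -gt 0 ] || { echo "file is empty"; rc=1; }
    return $rc
}

# secret_digest PATH
# SHA-256 of the file, for comparing hosts without copying the secret around.
secret_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# cookie_domain FQDN
# Drops the host label: host1.hortonworks.local -> hortonworks.local
cookie_domain() {
    case $1 in
        *.*) printf '%s\n' "${1#*.}" ;;
        *)   echo "not a fully qualified name: $1" >&2; return 1 ;;
    esac
}

# Typical use on each cluster host (run as root):
#   check_secret_file /etc/security/http_secret hdfs hadoop
#   secret_digest /etc/security/http_secret
#   cookie_domain "$(hostname -f)"
```

A digest that differs between hosts means the secret file was generated separately on each host instead of being copied from one.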